The Java Health centre is an eclipse plugin which allows you to monitor Liberty( and so MQWEB, z/OSMF, z/OS Connect, etc) on z/OS.
You can look at
- the Java classes being used,
- the environment variables, and startup parameters.
- charts of garbage collection
- method profiling
Before you get to far into investigation be warned, this is basically insecure.
- By default anyone can connect to it
- You can specify a file with userid and password in it (in clear text)
- You can use TLS – but you have to have a keystore in a file rather than the security manager, and RACF keyrings.
- You cannot use RACF or other security manager for authentication and authorization.
Install the health centre on Eclipse.
I used Eclipse Marketplace to install IBM Monitoring and Diagnostic Tools – Health Center 3.0.12
Configuring Health center on Liberty.
You can use
- headless mode, where files are written to the local file system, transported to your Eclipse environment and reviewed offline.
- Connection from Eclipse to give real time information
See Configuring the monitoring agent and Health Center configuration properties.
Headless mode
Add the following to the JVM.options (or other start up), change the directory location.
-XHealthCenter -Dcom.ibm.diagnostics.healthcenter.headless=on -Dcom.ibm.java.diagnostics.healthcenter.data.collection.level=headless -Dcom.ibm.java.diagnostics.healthcenter.headless.output.directory=/u/adcd/java/ -Dcom.ibm.diagnostics.healthcenter.readonly=on
Restart the server.
Download the files from the specified directory to your works station, so the files are available from Eclipse.
In Eclipse
Window -> Open Perspective -> Open Perspective -> Health Center Status Summary
File -> Load Data…
Specify the file name.
Interactive mode
First time use (with little or no security)
-Xhealthcenter:transport=jrmp, port=8125 -Dcom.ibm.diagnostics.healthcenter.logging.level=info -Dcom.ibm.diagnostics.healthcenter.readonly=on -Dcom.ibm.diagnostics.healthcenter.data.profiling=off
Note: Use -Dcom.ibm.diagnostics.healthcenter.data.profiling=off to start the server with profiling disabled.
Restart the server. Check the error log for messages like INFO: Health Center agent started on port 8125.a
On Eclipse, once you have installed the health center.
Window -> Open Perspective -> Open Perspective -> Health Center Status Summary
Open a connection to the server
File->”New Connection” (do not select the “New” option)
JMX; Host name 10.1.1.2; Port 8125; Untick Scan next 100 ports
This should connect you.
Problems
If you get
- Unable to contact agent: Non IBM version of Java has been detected. Check the server is fully active, and you get a message in STDERR INFO: Health Center agent started on port 8125. in STDERR
Ping the IP address to check connectivity.
Quick overview
Once you have connected, or loaded the files
- Environment gives you the properties and class paths.
- Classes
- Classes loaded shows you the classes loaded, and if they can from the shared cache or not.
- Class Histogram shows you information of all the fields and variables. For example I had 196106 Ljava/lang/String – so lots of string variables, and 146973 HashMap nodes.
- Method profiling
- Self – which was the hottest method.
- Tree – includes parents. The top element in the tree is java.lan.Thread.run. All work runs on a thread, so all work will be reported under this.
- Click a line and select Invocation Paths to show who called the method.
- Where you get a chart with Elapsed time … you can use your mouse, to select a time period and zoom in. Click on “elapsed time” to unzoom.
Securing Health Center
This is documented in Securing Health Center – but is missing standard Z techniques of protecting resources.
- By default anyone can connect to it
- You can specify a file with userid and password in it (in clear text)
- You can use TLS – but you have to have a keystore in a file rather than the security manager, and using RACF keyrings.
- You cannot use RACF or other security manager for authentication and authorization.
ColinPaice 